Evidence first

See why this control room is worth trusting without reading every workflow by hand.

This page collects the shortest truthful evidence trail for Apple Notes Snapshot. It separates repo-owned gates, GitHub-controlled delivery facts, live Web/API/MCP surface checks, and the places where a real host or macOS permission prompt still becomes the final boundary.

Ledger 1 Repo gates

Maintainer-grade checks keep the tracked tree honest before a release ever ships.

Ledger 2 GitHub truth

Release tags, Pages, and code-scanning alerts live in a different truth layer from your local checkout.

Ledger 3 Live access proof

Web and MCP are real, but they stay tightly bounded and read-only-first in spirit.

Ledger 4 Manual boundary

Apple Notes permissions and launchd mutations still belong to your machine, not to this docs page.

Current tagged baseline

v0.1.12 is the latest public release, and release history stays the public trail.

The latest public release is v0.1.12. Treat later main-branch changes as preview truth until a newer tag exists, and use release history when you want the tagged story instead of a local guess.

Access boundary

Web and MCP are real, but they do not become a hosted platform.

The Local Web API stays token-gated and machine-bounded. MCP stays stdio-first and read-only-first. The repo still does not claim a public OpenAPI, hosted API, or write-capable agent platform.

Repo-side proof

  • ./notesctl rebuild-dev-env rebuilds the repo-owned maintainer environment.
  • pre_commit --all-files enforces gitleaks, docs-link-root hygiene, legacy-path scan, and public-surface-sensitive scan.
  • scripts/checks/ci_gate.sh keeps the default local pre-push path deterministic by running repo-local hygiene, vendor-tree checks, unit tests, and wrapper smoke only.
  • The repo keeps five distinct layers: pre-commit, pre-push, hosted, nightly (scheduled deterministic replay), and manual.
  • The maintained test floor is 90% coverage on the repo-owned ops surface.

These are maintainer-grade gates. They are stronger than the first successful snapshot path and exist so contributors can prove the repo still matches its own public contract.

GitHub-controlled proof

  • GitHub Releases show the current tagged public trail.
  • Pages publishes the docs site from the tracked docs/ surface.
  • Trusted CI, CodeQL, Nightly Deterministic Audit, Trivy, Actionlint, and Zizmor stay as live GitHub-hosted guardrails.
  • GitHub-side alert truth is hosted-only here: GitHub Alert Gate, code scanning, secret scanning, and private vulnerability reporting belong to the GitHub control plane, not to the default local hook path.
  • Branch protection, private vulnerability reporting, secret scanning, and GitHub alert state still live in the GitHub control plane, so re-read them from GitHub before you collapse them into repo-side done claims.

Treat GitHub-controlled truth separately from the tracked tree: release tags, Pages deployment, and alert counts can drift after a local checkout goes stale.

Live access proof

  • Local Web API: token-gated requests to /api/health, /api/access, and /api/status were re-run against a local ./notesctl web process.
  • MCP: stdio initialize and tools/list were re-run against ./notesctl mcp, confirming the read-only-first tool surface still advertises the current contract.
  • AI Diagnose: ./notesctl ai-diagnose --json still returns a deterministic advisory report when the AI provider is disabled or not configured.

These live checks prove the thin surfaces are real. They do not promote the project into a hosted service or replace the deterministic CLI as the system of record.

What still belongs to your machine

  • The first successful snapshot still requires a real ./notesctl run --no-status on your Mac.
  • Apple Notes / AppleScript permission prompts still belong to macOS and your current terminal host.
  • ./notesctl install --minutes 30 --load still becomes a real launchd mutation on your machine.
  • The repo can prove the contract and the tooling shape, but it cannot pre-approve your local permissions or promise that every machine is already initialized.

What this page does not do for you

This page is a trust ledger, not a shortcut around the real access boundary. It does not replace Quickstart, it does not skip Apple Notes permissions, and it does not turn the Web/API/MCP surfaces on your machine into a hosted platform promise.

Open the right proof trail next

  • Quickstart if you want the honest first-success path
  • Security and privacy if you want the token and disclosure boundary
  • For Agents if you want the builder second lane after the control-room contract already makes sense
  • Release history if you want the tag-by-tag public story